<!DOCTYPE html>
<html id="docs" lang="en" class="">
	<head>
	<meta charset="utf-8">
<title>Service Catalog - Kubernetes</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="shortcut icon" type="image/png" href="../../../../images/favicon.png">
<link rel="stylesheet" type="text/css" href="../../../../css/base_fonts.css">
<link rel="stylesheet" type="text/css" href="../../../../css/styles.css">
<link rel="stylesheet" type="text/css" href="https://code.jquery.com/ui/1.12.1/themes/smoothness/jquery-ui.css">
<link rel="stylesheet" type="text/css" href="https://cdnjs.cloudflare.com/ajax/libs/sweetalert/1.1.3/sweetalert.min.css">
<link rel="stylesheet" type="text/css" href="../../../../css/callouts.css">
<link rel="stylesheet" type="text/css" href="../../../../css/custom-jekyll/tags.css">




<meta name="description" content="Service Catalog" />
<meta property="og:description" content="Service Catalog" />

<meta property="og:url" content="https://kubernetes.io/docs/concepts/extend-kubernetes/service-catalog/" />
<meta property="og:title" content="Service Catalog - Kubernetes" />

<script
src="https://code.jquery.com/jquery-3.2.1.min.js"
integrity="sha256-hwg4gsxgFZhOsEEamdOYGBf13FyQuiTwlAQgxVSNgt4="
crossorigin="anonymous"></script>
<script
src="https://code.jquery.com/ui/1.12.1/jquery-ui.min.js"
integrity="sha256-VazP97ZCwtekAsvgPBSUwPFKdrwD3unUfSGVYrahUqU="
crossorigin="anonymous"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/sweetalert/1.1.3/sweetalert.min.js"></script>
<script src="../../../../js/script.js"></script>
<script src="../../../../js/custom-jekyll/tags.js"></script>


	</head>
	<body>
		<div id="cellophane" onclick="kub.toggleMenu()"></div>

<header>
    <a href="../../../../index.html" class="logo"></a>

    <div class="nav-buttons" data-auto-burger="primary">
        <ul class="global-nav">
            
            
            <li><a href="../../../home.1">Documentation</a></li>
            
            <li><a href="../../../../blog/index.html">Blog</a></li>
            
            <li><a href="../../../../partners/index.html">Partners</a></li>
            
            <li><a href="../../../../community/index.html">Community</a></li>
            
            <li><a href="../../../../case-studies/index.html">Case Studies</a></li>
            
            
             <li>
                <a href="../../service-catalog/index.html#">
                    English <span class="ui-icon ui-icon-carat-1-s"></span>
                </a>
                <ul>
                
                    <li><a href="../../../../zh/index.html">中文 Chinese</a></li>
                
                    <li><a href="../../../../ko/index.html">한국어 Korean</a></li>
                
                </ul>
            </li>
         
            <li>
                <a href="../../service-catalog/index.html#">
                    v1.11 <span class="ui-icon ui-icon-carat-1-s"></span>
                </a>
                <ul>
                
                    <li><a href="https://kubernetes.io">v1.12</a></li>
                
                    <li><a href="../../../../index.html">v1.11</a></li>
                
                    <li><a href="https://v1-10.docs.kubernetes.io">v1.10</a></li>
                
                    <li><a href="https://v1-9.docs.kubernetes.io">v1.9</a></li>
                
                </ul>
            </li>
        </ul>
        
        <a href="../../../tutorials/kubernetes-basics/index.html" class="button" id="tryKubernetes" data-auto-burger-exclude>Try Kubernetes</a>
        <button id="hamburger" onclick="kub.toggleMenu()" data-auto-burger-exclude><div></div></button>
    </div>

    <nav id="mainNav">
        <main data-auto-burger="primary">
        <div class="nav-box">
            <h3><a href="../../../tutorials/stateless-application/hello-minikube/index.html">Get Started</a></h3>
            <p>Ready to get your hands dirty? Build a simple Kubernetes cluster that runs "Hello World" for Node.js.</p>
        </div>
        <div class="nav-box">
            <h3><a href="../../../home.1">Documentation</a></h3>
            <p>Learn how to use Kubernetes with the use of walkthroughs, samples, and reference documentation. You can even <a href="../../../../editdocs/index.html" data-auto-burger-exclude>help contribute to the docs</a>!</p>
        </div>
        <div class="nav-box">
            <h3><a href="../../../../community/index.html">Community</a></h3>
            <p>If you need help, you can connect with other Kubernetes users and the Kubernetes authors, attend community events, and watch video presentations from around the web.</p>
        </div>
        <div class="nav-box">
            <h3><a href="../../../../blog/index.html">Blog</a></h3>
            <p>Read the latest news for Kubernetes and the containers space in general, and get technical how-tos hot off the presses.</p>
        </div>
        </main>
        <main data-auto-burger="primary">
        <div class="left">
            <h5 class="github-invite">Interested in hacking on the core Kubernetes code base?</h5>
            <a href="https://github.com/kubernetes/kubernetes" class="button" data-auto-burger-exclude>View On Github</a>
        </div>

        <div class="right">
            <h5 class="github-invite">Explore the community</h5>
            <div class="social">
                <a href="https://twitter.com/kubernetesio" class="twitter"><span>Twitter</span></a>
                <a href="https://github.com/kubernetes/kubernetes" class="github"><span>Github</span></a>
                <a href="http://slack.k8s.io/" class="slack"><span>Slack</span></a>
                <a href="http://stackoverflow.com/questions/tagged/kubernetes" class="stack-overflow"><span>Stack Overflow</span></a>
                <a href="https://discuss.kubernetes.io" class="mailing-list"><span>Forum</span></a>
                <a href="https://calendar.google.com/calendar/embed?src=nt2tcnbtbied3l6gi2h29slvc0%40group.calendar.google.com" class="calendar"><span>Events Calendar</span></a>
            </div>
        </div>
        <div class="clear" style="clear: both"></div>
        </main>
    </nav>
</header>

		
		
		<section id="hero" class="light-text no-sub">
			









<h1>Concepts</h1>
<h5></h5>








<div id="vendorStrip" class="light-text">
	<ul>
		
		
		<li><a href="../../../home.1">DOCUMENTATION</a></li>
		
		
		<li><a href="../../../setup/index.html">SETUP</a></li>
		
		
		<li><a href="../../index.html" class="YAH">CONCEPTS</a></li>
		
		
		<li><a href="../../../tasks/index.html">TASKS</a></li>
		
		
		<li><a href="../../../tutorials/index.html">TUTORIALS</a></li>
		
		
		<li><a href="../../../reference.1">REFERENCE</a></li>
		
	</ul>
	<div id="searchBox">
		<input type="text" id="search" placeholder="Search" onkeydown="if (event.keyCode==13) window.location.replace('/docs/search/?q=' + this.value)" autofocus="autofocus">
	</div>
</div>

		</section>
		
		
<section id="deprecationWarning">
  <main>
    <div class="content deprecation-warning">
      <h3>
        Documentation for Kubernetes v1.11 is no longer actively maintained. The version you are currently viewing is a static snapshot.
        For up-to-date documentation, see the <a href="https://kubernetes.io/docs/home/">latest</a> version.
      </h3>
    </div>
  </main>
</section>


		<section id="encyclopedia">
			
<div id="docsToc">
     <div class="pi-accordion">
    	
        
        
        
        
        
         
             
                 
             
         
             
                 
             
         
             
                 
                          
                          
                 
             
         
             
         
             
         
             
         
             
         
             
         
         
        
        <a class="item" data-title="Concepts" href="../../index.html"></a>

	
	
		
		
	<div class="item" data-title="Overview">
		<div class="container">
		
		
	
	
		
		
<a class="item" data-title="What is Kubernetes?" href="../../overview/index.html"></a>

		
	
		
		
<a class="item" data-title="Kubernetes Components" href="../../overview/components.1"></a>

		
	
		
		
<a class="item" data-title="The Kubernetes API" href="../../overview/kubernetes-api/index.html"></a>

		
	
		
		
	<div class="item" data-title="Working with Kubernetes Objects">
		<div class="container">
		
		
	
	
		
		
<a class="item" data-title="Understanding Kubernetes Objects" href="../../overview/working-with-objects/kubernetes-objects.1"></a>

		
	
		
		
<a class="item" data-title="Names" href="../../../user-guide/identifiers"></a>

		
	
		
		
<a class="item" data-title="Namespaces" href="../../overview/working-with-objects/namespaces.1"></a>

		
	
		
		
<a class="item" data-title="Labels and Selectors" href="../../../user-guide/labels"></a>

		
	
		
		
<a class="item" data-title="Annotations" href="../../overview/working-with-objects/annotations.1"></a>

		
	

		</div>
	</div>

		
	
		
		
	<div class="item" data-title="Object Management Using kubectl">
		<div class="container">
		
		
	
	
		
		
<a class="item" data-title="Kubernetes Object Management" href="../../../tutorials/object-management-kubectl/object-management/index.html"></a>

		
	
		
		
<a class="item" data-title="Managing Kubernetes Objects Using Imperative Commands" href="../../../tutorials/object-management-kubectl/imperative-object-management-command/index.html"></a>

		
	
		
		
<a class="item" data-title="Imperative Management of Kubernetes Objects Using Configuration Files" href="../../../tutorials/object-management-kubectl/imperative-object-management-configuration/index.html"></a>

		
	
		
		
<a class="item" data-title="Declarative Management of Kubernetes Objects Using Configuration Files" href="../../../tutorials/object-management-kubectl/declarative-object-management-configuration/index.html"></a>

		
	

		</div>
	</div>

		
	

		</div>
	</div>

		
	
		
		
	<div class="item" data-title="Compute, Storage, and Networking Extensions">
		<div class="container">
		
		
	
	
		
		
<a class="item" data-title="Cluster Administration Overview" href="../../cluster-administration/cluster-administration-overview/index.html"></a>

		
	
		
		
<a class="item" data-title="Certificates" href="../../cluster-administration/certificates/index.html"></a>

		
	
		
		
<a class="item" data-title="Cloud Providers" href="../../cluster-administration/cloud-providers/index.html"></a>

		
	
		
		
<a class="item" data-title="Managing Resources" href="../../cluster-administration/manage-deployment/index.html"></a>

		
	
		
		
<a class="item" data-title="Cluster Networking" href="../../../admin/networking"></a>

		
	
		
		
<a class="item" data-title="Logging Architecture" href="../../cluster-administration/logging.1"></a>

		
	
		
		
<a class="item" data-title="Configuring kubelet Garbage Collection" href="../../cluster-administration/kubelet-garbage-collection/index.html"></a>

		
	
		
		
<a class="item" data-title="Federation" href="../../cluster-administration/federation/index.html"></a>

		
	
		
		
<a class="item" data-title="Proxies in Kubernetes" href="../../cluster-administration/proxies/index.html"></a>

		
	
		
		
<a class="item" data-title="Controller manager metrics" href="../../cluster-administration/controller-metrics/index.html"></a>

		
	
		
		
<a class="item" data-title="Installing Addons" href="../../cluster-administration/addons/index.html"></a>

		
	

		</div>
	</div>

		
	
		
		
	<div class="item" data-title="Kubernetes Architecture">
		<div class="container">
		
		
	
	
		
		
<a class="item" data-title="Nodes" href="../../../admin/node.1"></a>

		
	
		
		
<a class="item" data-title="Master-Node communication" href="../../architecture/master-node-communication/index.html"></a>

		
	
		
		
<a class="item" data-title="Concepts Underlying the Cloud Controller Manager" href="../../architecture/cloud-controller/index.html"></a>

		
	

		</div>
	</div>

		
	
		
		
	<div class="item" data-title="Extending Kubernetes">
		<div class="container">
		
		
	
	
		
		
<a class="item" data-title="Extending your Kubernetes Cluster" href="../../overview/extending/index.html"></a>

		
	
		
		
	<div class="item" data-title="Extending the Kubernetes API">
		<div class="container">
		
		
	
	
		
		
<a class="item" data-title="Extending the Kubernetes API with the aggregation layer" href="../../api-extension/apiserver-aggregation.1"></a>

		
	
		
		
<a class="item" data-title="Custom Resources" href="../../api-extension/custom-resources/index.html"></a>

		
	

		</div>
	</div>

		
	
		
		
	<div class="item" data-title="Compute, Storage, and Networking Extensions">
		<div class="container">
		
		
	
	
		
		
<a class="item" data-title="Network Plugins" href="../../../admin/network-plugins/index.html"></a>

		
	
		
		
<a class="item" data-title="Device Plugins" href="../../cluster-administration/device-plugins.1"></a>

		
	

		</div>
	</div>

		
	
		
		
<a class="item" data-title="Service Catalog" href="../../service-catalog/index.html"></a>

		
	

		</div>
	</div>

		
	
		
		
	<div class="item" data-title="Containers">
		<div class="container">
		
		
	
	
		
		
<a class="item" data-title="Images" href="../../containers/images/index.html"></a>

		
	
		
		
<a class="item" data-title="Container Environment Variables" href="../../containers/container-environment-variables/index.html"></a>

		
	
		
		
<a class="item" data-title="Container Lifecycle Hooks" href="../../containers/container-lifecycle-hooks/index.html"></a>

		
	

		</div>
	</div>

		
	
		
		
	<div class="item" data-title="Workloads">
		<div class="container">
		
		
	
	
		
		
	<div class="item" data-title="Pods">
		<div class="container">
		
		
	
	
		
		
<a class="item" data-title="Pod Overview" href="../../workloads/pods/pod-overview/index.html"></a>

		
	
		
		
<a class="item" data-title="Pods" href="../../../user-guide/pods/index.html"></a>

		
	
		
		
<a class="item" data-title="Pod Lifecycle" href="../../../user-guide/pod-states/index.html"></a>

		
	
		
		
<a class="item" data-title="Init Containers" href="../../abstractions/init-containers/index.html"></a>

		
	
		
		
<a class="item" data-title="Pod Preset" href="../../workloads/pods/podpreset/index.html"></a>

		
	
		
		
<a class="item" data-title="Disruptions" href="../../workloads/pods/disruptions/index.html"></a>

		
	

		</div>
	</div>

		
	
		
		
	<div class="item" data-title="Controllers">
		<div class="container">
		
		
	
	
		
		
<a class="item" data-title="ReplicaSet" href="../../workloads/controllers/replicaset/index.html"></a>

		
	
		
		
<a class="item" data-title="ReplicationController" href="../../../user-guide/replication-controller/index.html"></a>

		
	
		
		
<a class="item" data-title="Deployments" href="../../workloads/controllers/deployment/index.html"></a>

		
	
		
		
<a class="item" data-title="StatefulSets" href="../../workloads/controllers/statefulset.md"></a>

		
	
		
		
<a class="item" data-title="DaemonSet" href="../../workloads/controllers/daemonset.1"></a>

		
	
		
		
<a class="item" data-title="Garbage Collection" href="../../workloads/controllers/garbage-collection/index.html"></a>

		
	
		
		
<a class="item" data-title="Jobs - Run to Completion" href="../../workloads/controllers/jobs-run-to-completion.1"></a>

		
	
		
		
<a class="item" data-title="CronJob" href="../../workloads/controllers/cron-jobs.1"></a>

		
	

		</div>
	</div>

		
	

		</div>
	</div>

		
	
		
		
	<div class="item" data-title="Configuration">
		<div class="container">
		
		
	
	
		
		
<a class="item" data-title="Configuration Best Practices" href="../../configuration/overview/index.html"></a>

		
	
		
		
<a class="item" data-title="Managing Compute Resources for Containers" href="../../../user-guide/compute-resources/index.html"></a>

		
	
		
		
<a class="item" data-title="Assigning Pods to Nodes" href="../../../user-guide/node-selection/index.html"></a>

		
	
		
		
<a class="item" data-title="Taints and Tolerations" href="../../configuration/taint-and-toleration.1"></a>

		
	
		
		
<a class="item" data-title="Secrets" href="../../../user-guide/secrets.1"></a>

		
	
		
		
<a class="item" data-title="Organizing Cluster Access Using kubeconfig Files" href="../../configuration/organize-cluster-access-kubeconfig/index.html"></a>

		
	
		
		
<a class="item" data-title="Pod Priority and Preemption" href="../../configuration/pod-priority-preemption/index.html"></a>

		
	

		</div>
	</div>

		
	
		
		
	<div class="item" data-title="Services, Load Balancing, and Networking">
		<div class="container">
		
		
	
	
		
		
<a class="item" data-title="Services" href="../../../user-guide/services"></a>

		
	
		
		
<a class="item" data-title="DNS for Services and Pods" href="../../services-networking/dns-pod-service/index.html"></a>

		
	
		
		
<a class="item" data-title="Connecting Applications with Services" href="../../services-networking/connect-applications-service.1"></a>

		
	
		
		
<a class="item" data-title="Ingress" href="../../services-networking/ingress/index.html"></a>

		
	
		
		
<a class="item" data-title="Network Policies" href="../../services-networking/networkpolicies/index.html"></a>

		
	
		
		
<a class="item" data-title="Adding entries to Pod /etc/hosts with HostAliases" href="../../services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/index.html"></a>

		
	

		</div>
	</div>

		
	
		
		
	<div class="item" data-title="Storage">
		<div class="container">
		
		
	
	
		
		
<a class="item" data-title="Volumes" href="../../storage/volumes.1"></a>

		
	
		
		
<a class="item" data-title="Persistent Volumes" href="../../../user-guide/persistent-volumes/index.html"></a>

		
	
		
		
<a class="item" data-title="Storage Classes" href="../../storage/storage-classes.1"></a>

		
	
		
		
<a class="item" data-title="Dynamic Volume Provisioning" href="../../storage/dynamic-provisioning/index.html"></a>

		
	
		
		
<a class="item" data-title="Node-specific Volume Limits" href="../../storage/storage-limits/index.html"></a>

		
	

		</div>
	</div>

		
	
		
		
	<div class="item" data-title="Policies">
		<div class="container">
		
		
	
	
		
		
<a class="item" data-title="Resource Quotas" href="../../policy/resource-quotas/index.html"></a>

		
	
		
		
<a class="item" data-title="Pod Security Policies" href="../../../user-guide/pod-security-policy"></a>

		
	

		</div>
	</div>

		
	






     </div> 
    <button class="push-menu-close-button" onclick="kub.toggleToc()"></button>
</div> 

			<div id="docsContent">
				
<p><a href="../../../editdocs#docs/concepts/extend-kubernetes/service-catalog.md" id="editPageButton">Edit This Page</a></p>

<h1>Service Catalog</h1>



<p><p>Service Catalog is an extension API that enables applications running in Kubernetes clusters to easily use external managed software offerings, such as a datastore service offered by a cloud provider.</p></p>

<p></p>

<p>It provides a way to list, provision, and bind with external <a class='glossary-tooltip' href='../../../reference/glossary/index.html?all=true#term-managed-service' target='_blank'>Managed Services<span class='tooltip-text'>A software offering maintained by a third-party provider.</span>
</a> from <a class='glossary-tooltip' href='../../../reference/glossary/index.html?all=true#term-service-broker' target='_blank'>Service Brokers<span class='tooltip-text'>An endpoint for a set of Managed Services offered and maintained by a third-party.</span>
</a> without needing detailed knowledge about how those services are created or managed.</p>  

<p>A service broker, as defined by the <a href="https://github.com/openservicebrokerapi/servicebroker/blob/v2.13/spec.md" target="_blank">Open service broker API spec</a>, is an endpoint for a set of managed services offered and maintained by a third-party, which could be a cloud provider such as AWS, GCP, or Azure.
Some examples of managed services are Microsoft Azure Cloud Queue, Amazon Simple Queue Service, and Google Cloud Pub/Sub, but they can be any software offering that can be used by an application.</p>

<p>Using Service Catalog, a <a class='glossary-tooltip' href='../../../reference/glossary/index.html?all=true#term-cluster-operator' target='_blank'>cluster operator<span class='tooltip-text'>A person who configures, controls, and monitors clusters.</span>
</a> can browse the list of managed services offered by a service broker, provision an instance of a managed service, and bind with it to make it available to an application in the Kubernetes cluster.</p>









<ul id="markdown-toc">










<li><a href="../../service-catalog/index.html#example-use-case">Example use case</a></li>




<li><a href="../../service-catalog/index.html#architecture">Architecture</a></li>




<li><a href="../../service-catalog/index.html#usage">Usage</a></li>




















<li><a href="../../service-catalog/index.html#what-s-next">What's next</a></li>



</ul>


<h2 id="example-use-case">Example use case</h2>

<p>An <a class='glossary-tooltip' href='../../../reference/glossary/index.html?all=true#term-application-developer' target='_blank'>application developer<span class='tooltip-text'>A person who writes an application that runs in a Kubernetes cluster.</span>
</a> wants to use message queuing as part of their application running in a Kubernetes cluster.
However, they do not want to deal with the overhead of setting such a service up and administering it themselves.
Fortunately, there is a cloud provider that offers message queuing as a managed service through its service broker.</p>

<p>A cluster operator can setup Service Catalog and use it to communicate with the cloud provider&rsquo;s service broker to provision an instance of the message queuing service and make it available to the application within the Kubernetes cluster.
The application developer therefore does not need to be concerned with the implementation details or management of the message queue.
The application can simply use it as a service.</p>

<h2 id="architecture">Architecture</h2>

<p>Service Catalog uses the <a href="https://github.com/openservicebrokerapi/servicebroker" target="_blank">Open service broker API</a> to communicate with service brokers, acting as an intermediary for the Kubernetes API Server to negotiate the initial provisioning and retrieve the credentials necessary for the application to use a managed service.</p>

<p>It is implemented as an extension API server and a controller, using etcd for storage. It also uses the <a href="../../api-extension/apiserver-aggregation/index.html">aggregation layer</a> available in Kubernetes 1.7+ to present its API.</p>

<p><br></p>

<p><img src="../../../../images/docs/service-catalog-architecture.svg" alt="Service Catalog Architecture" /></p>

<h3 id="api-resources">API Resources</h3>

<p>Service Catalog installs the <code>servicecatalog.k8s.io</code> API and provides the following Kubernetes resources:</p>

<ul>
<li><code>ClusterServiceBroker</code>: An in-cluster representation of a service broker, encapsulating its server connection details.
These are created and managed by cluster operators who wish to use that broker server to make new types of managed services available within their cluster.</li>
<li><code>ClusterServiceClass</code>: A managed service offered by a particular service broker.
When a new <code>ClusterServiceBroker</code> resource is added to the cluster, the Service Catalog controller connects to the service broker to obtain a list of available managed services. It then creates a new <code>ClusterServiceClass</code> resource corresponding to each managed service.</li>
<li><code>ClusterServicePlan</code>: A specific offering of a managed service. For example, a managed service may have different plans available, such as a free tier or paid tier, or it may have different configuration options, such as using SSD storage or having more resources. Similar to <code>ClusterServiceClass</code>, when a new <code>ClusterServiceBroker</code> is added to the cluster, Service Catalog creates a new <code>ClusterServicePlan</code> resource corresponding to each Service Plan available for each managed service.</li>
<li><code>ServiceInstance</code>: A provisioned instance of a <code>ClusterServiceClass</code>.
These are created by cluster operators to make a specific instance of a managed service available for use by one or more in-cluster applications.
When a new <code>ServiceInstance</code> resource is created, the Service Catalog controller connects to the appropriate service broker and instruct it to provision the service instance.</li>
<li><code>ServiceBinding</code>: Access credentials to a <code>ServiceInstance</code>.
These are created by cluster operators who want their applications to make use of a <code>ServiceInstance</code>.
Upon creation, the Service Catalog controller creates a Kubernetes <code>Secret</code> containing connection details and credentials for the Service Instance, which can be mounted into Pods.</li>
</ul>

<h3 id="authentication">Authentication</h3>

<p>Service Catalog supports these methods of authentication:</p>

<ul>
<li>Basic (username/password)</li>
<li><a href="https://tools.ietf.org/html/rfc6750" target="_blank">OAuth 2.0 Bearer Token</a></li>
</ul>

<h2 id="usage">Usage</h2>

<p>A cluster operator can use Service Catalog API Resources to provision managed services and make them available within a Kubernetes cluster. The steps involved are:</p>

<ol>
<li>Listing the managed services and Service Plans available from a service broker.</li>
<li>Provisioning a new instance of the managed service.</li>
<li>Binding to the managed service, which returns the connection credentials.</li>
<li>Mapping the connection credentials into the application.</li>
</ol>

<h3 id="listing-managed-services-and-service-plans">Listing managed services and Service Plans</h3>

<p>First, a cluster operator must create a <code>ClusterServiceBroker</code> resource within the <code>servicecatalog.k8s.io</code> group. This resource contains the URL and connection details necessary to access a service broker endpoint.</p>

<p>This is an example of a <code>ClusterServiceBroker</code> resource:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml">apiVersion:<span style="color:#bbb"> </span>servicecatalog.k8s.io/v1beta1<span style="color:#bbb">
</span><span style="color:#bbb"></span>kind:<span style="color:#bbb"> </span>ClusterServiceBroker<span style="color:#bbb">
</span><span style="color:#bbb"></span>metadata:<span style="color:#bbb">
</span><span style="color:#bbb">  </span>name:<span style="color:#bbb"> </span>cloud-broker<span style="color:#bbb">
</span><span style="color:#bbb"></span>spec:<span style="color:#bbb">
</span><span style="color:#bbb">  </span><span style="color:#080;font-style:italic"># Points to the endpoint of a service broker. (This example is not a working URL.)</span><span style="color:#bbb">
</span><span style="color:#bbb">  </span>url:<span style="color:#bbb">  </span>https://servicebroker.somecloudprovider.com/v1alpha1/projects/service-catalog/brokers/default<span style="color:#bbb">
</span><span style="color:#bbb">  </span><span style="color:#080;font-style:italic">#####</span><span style="color:#bbb">
</span><span style="color:#bbb">  </span><span style="color:#080;font-style:italic"># Additional values can be added here, which may be used to communicate</span><span style="color:#bbb">
</span><span style="color:#bbb">  </span><span style="color:#080;font-style:italic"># with the service broker, such as bearer token info or a caBundle for TLS.</span><span style="color:#bbb">
</span><span style="color:#bbb">  </span><span style="color:#080;font-style:italic">#####</span></code></pre></div>
<p>The following is a sequence diagram illustrating the steps involved in listing managed services and Plans available from a service broker:</p>

<p><img src="../../../../images/docs/service-catalog-list.svg" alt="List Services" /></p>

<ol>
<li>Once the <code>ClusterServiceBroker</code> resource is added to Service Catalog, it triggers a call to the external service broker for a list of available services.</li>
<li>The service broker returns a list of available managed services and a list of Service Plans, which are cached locally as <code>ClusterServiceClass</code> and <code>ClusterServicePlan</code> resources respectively.</li>

<li><p>A cluster operator can then get the list of available managed services using the following command:</p>

<pre><code>kubectl get clusterserviceclasses -o=custom-columns=SERVICE\ NAME:.metadata.name,EXTERNAL\ NAME:.spec.externalName
</code></pre>

<p>It should output a list of service names with a format similar to:</p>

<pre><code>SERVICE NAME                           EXTERNAL NAME
4f6e6cf6-ffdd-425f-a2c7-3c9258ad2468   cloud-provider-service
...                                    ...
</code></pre>

<p>They can also view the Service Plans available using the following command:</p>

<pre><code>kubectl get clusterserviceplans -o=custom-columns=PLAN\ NAME:.metadata.name,EXTERNAL\ NAME:.spec.externalName
</code></pre>

<p>It should output a list of plan names with a format similar to:</p>

<pre><code>PLAN NAME                              EXTERNAL NAME
86064792-7ea2-467b-af93-ac9694d96d52   service-plan-name
...                                    ...
</code></pre></li>
</ol>

<h3 id="provisioning-a-new-instance">Provisioning a new instance</h3>

<p>A cluster operator can initiate the provisioning of a new instance by creating a <code>ServiceInstance</code> resource.</p>

<p>This is an example of a <code>ServiceInstance</code> resource:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml">apiVersion:<span style="color:#bbb"> </span>servicecatalog.k8s.io/v1beta1<span style="color:#bbb">
</span><span style="color:#bbb"></span>kind:<span style="color:#bbb"> </span>ServiceInstance<span style="color:#bbb">
</span><span style="color:#bbb"></span>metadata:<span style="color:#bbb">
</span><span style="color:#bbb">  </span>name:<span style="color:#bbb"> </span>cloud-queue-instance<span style="color:#bbb">
</span><span style="color:#bbb">  </span>namespace:<span style="color:#bbb"> </span>cloud-apps<span style="color:#bbb">
</span><span style="color:#bbb"></span>spec:<span style="color:#bbb">
</span><span style="color:#bbb">  </span><span style="color:#080;font-style:italic"># References one of the previously returned services</span><span style="color:#bbb">
</span><span style="color:#bbb">  </span>clusterServiceClassExternalName:<span style="color:#bbb"> </span>cloud-provider-service<span style="color:#bbb">
</span><span style="color:#bbb">  </span>clusterServicePlanExternalName:<span style="color:#bbb"> </span>service-plan-name<span style="color:#bbb">
</span><span style="color:#bbb">  </span><span style="color:#080;font-style:italic">#####</span><span style="color:#bbb">
</span><span style="color:#bbb">  </span><span style="color:#080;font-style:italic"># Additional parameters can be added here,</span><span style="color:#bbb">
</span><span style="color:#bbb">  </span><span style="color:#080;font-style:italic"># which may be used by the service broker.</span><span style="color:#bbb">
</span><span style="color:#bbb">  </span><span style="color:#080;font-style:italic">#####</span></code></pre></div>
<p>The following sequence diagram illustrates the steps involved in provisioning a new instance of a managed service:</p>

<p><img src="../../../../images/docs/service-catalog-provision.svg" alt="Provision a Service" /></p>

<ol>
<li>When the <code>ServiceInstance</code> resource is created, Service Catalog initiates a call to the external service broker to provision an instance of the service.</li>
<li>The service broker creates a new instance of the managed service and returns an HTTP response.</li>
<li>A cluster operator can then check the status of the instance to see if it is ready.</li>
</ol>

<h3 id="binding-to-a-managed-service">Binding to a managed service</h3>

<p>After a new instance has been provisioned, a cluster operator must bind to the managed service to get the connection credentials and service account details necessary for the application to use the service. This is done by creating a <code>ServiceBinding</code> resource.</p>

<p>The following is an example of a <code>ServiceBinding</code> resource:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml">apiVersion:<span style="color:#bbb"> </span>servicecatalog.k8s.io/v1beta1<span style="color:#bbb">
</span><span style="color:#bbb"></span>kind:<span style="color:#bbb"> </span>ServiceBinding<span style="color:#bbb">
</span><span style="color:#bbb"></span>metadata:<span style="color:#bbb">
</span><span style="color:#bbb">  </span>name:<span style="color:#bbb"> </span>cloud-queue-binding<span style="color:#bbb">
</span><span style="color:#bbb">  </span>namespace:<span style="color:#bbb"> </span>cloud-apps<span style="color:#bbb">
</span><span style="color:#bbb"></span>spec:<span style="color:#bbb">
</span><span style="color:#bbb">  </span>instanceRef:<span style="color:#bbb">
</span><span style="color:#bbb">    </span>name:<span style="color:#bbb"> </span>cloud-queue-instance<span style="color:#bbb">
</span><span style="color:#bbb">  </span><span style="color:#080;font-style:italic">#####</span><span style="color:#bbb">
</span><span style="color:#bbb">  </span><span style="color:#080;font-style:italic"># Additional information can be added here, such as a secretName or</span><span style="color:#bbb">
</span><span style="color:#bbb">  </span><span style="color:#080;font-style:italic"># service account parameters, which may be used by the service broker.</span><span style="color:#bbb">
</span><span style="color:#bbb">  </span><span style="color:#080;font-style:italic">#####</span></code></pre></div>
<p>The following sequence diagram illustrates the steps involved in binding to a managed service instance:</p>

<p><img src="../../../../images/docs/service-catalog-bind.svg" alt="Bind to a managed service" /></p>

<ol>
<li>After the <code>ServiceBinding</code> is created, Service Catalog makes a call to the external service broker requesting the information necessary to bind with the service instance.</li>
<li>The service broker enables the application permissions/roles for the appropriate service account.</li>
<li>The service broker returns the information necessary to connect and access the managed service instance. This is provider and service-specific so the information returned may differ between Service Providers and their managed services.</li>
</ol>

<h3 id="mapping-the-connection-credentials">Mapping the connection credentials</h3>

<p>After binding, the final step involves mapping the connection credentials and service-specific information into the application.
These pieces of information are stored in secrets that the application in the cluster can access and use to connect directly with the managed service.</p>

<p><br></p>

<p><img src="../../../../images/docs/service-catalog-map.svg" alt="Map connection credentials" /></p>

<h4 id="pod-configuration-file">Pod configuration File</h4>

<p>One method to perform this mapping is to use a declarative Pod configuration.</p>

<p>The following example describes how to map service account credentials into the application. A key called <code>sa-key</code> is stored in a volume named <code>provider-cloud-key</code>, and the application mounts this volume at <code>/var/secrets/provider/key.json</code>. The environment variable <code>PROVIDER_APPLICATION_CREDENTIALS</code> is mapped from the value of the mounted file.</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml">...<span style="color:#bbb">
</span><span style="color:#bbb">    </span>spec:<span style="color:#bbb">
</span><span style="color:#bbb">      </span>volumes:<span style="color:#bbb">
</span><span style="color:#bbb">        </span>-<span style="color:#bbb"> </span>name:<span style="color:#bbb"> </span>provider-cloud-key<span style="color:#bbb">
</span><span style="color:#bbb">          </span>secret:<span style="color:#bbb">
</span><span style="color:#bbb">            </span>secretName:<span style="color:#bbb"> </span>sa-key<span style="color:#bbb">
</span><span style="color:#bbb">      </span>containers:<span style="color:#bbb">
</span><span style="color:#bbb"></span>...<span style="color:#bbb">
</span><span style="color:#bbb">          </span>volumeMounts:<span style="color:#bbb">
</span><span style="color:#bbb">          </span>-<span style="color:#bbb"> </span>name:<span style="color:#bbb"> </span>provider-cloud-key<span style="color:#bbb">
</span><span style="color:#bbb">            </span>mountPath:<span style="color:#bbb"> </span>/var/secrets/provider<span style="color:#bbb">
</span><span style="color:#bbb">          </span>env:<span style="color:#bbb">
</span><span style="color:#bbb">          </span>-<span style="color:#bbb"> </span>name:<span style="color:#bbb"> </span>PROVIDER_APPLICATION_CREDENTIALS<span style="color:#bbb">
</span><span style="color:#bbb">            </span>value:<span style="color:#bbb"> </span><span style="color:#b44">&#34;/var/secrets/provider/key.json&#34;</span></code></pre></div>
<p>The following example describes how to map secret values into application environment variables. In this example, the messaging queue topic name is mapped from a secret named <code>provider-queue-credentials</code> with a key named <code>topic</code> to the environment variable <code>TOPIC</code>.</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml">...<span style="color:#bbb">
</span><span style="color:#bbb">          </span>env:<span style="color:#bbb">
</span><span style="color:#bbb">          </span>-<span style="color:#bbb"> </span>name:<span style="color:#bbb"> </span><span style="color:#b44">&#34;TOPIC&#34;</span><span style="color:#bbb">
</span><span style="color:#bbb">            </span>valueFrom:<span style="color:#bbb">
</span><span style="color:#bbb">                </span>secretKeyRef:<span style="color:#bbb">
</span><span style="color:#bbb">                   </span>name:<span style="color:#bbb"> </span>provider-queue-credentials<span style="color:#bbb">
</span><span style="color:#bbb">                   </span>key:<span style="color:#bbb"> </span>topic</code></pre></div>











<h2 id="what-s-next">What&#39;s next</h2>
<ul>
<li>If you are familiar with <a class='glossary-tooltip' href='https://github.com/kubernetes/helm/blob/master/docs/charts.md' target='_blank'>Helm Charts<span class='tooltip-text'>A package of pre-configured Kubernetes resources that can be managed with the Helm tool.</span>
</a>, <a href="../../../tasks/service-catalog/install-service-catalog-using-helm/index.html">install Service Catalog using Helm</a> into your Kubernetes cluster. Alternatively, you can <a href="../../../tasks/service-catalog/install-service-catalog-using-sc/index.html">install Service Catalog using the SC tool</a>.</li>
<li>View <a href="https://github.com/openservicebrokerapi/servicebroker/blob/master/gettingStarted.md#sample-service-brokers" target="_blank">sample service brokers</a>.</li>
<li>Explore the <a href="https://github.com/kubernetes-incubator/service-catalog" target="_blank">kubernetes-incubator/service-catalog</a> project.</li>
<li>View <a href="https://svc-cat.io/docs/" target="_blank">svc-cat.io</a>.</li>
</ul>






				<div class="issue-button-container">
					<p><a href="../../service-catalog/index.html"><img src="https://kubernetes-site.appspot.com/UA-36037335-10/GitHub/docs/concepts/extend-kubernetes/service-catalog.md?pixel" alt="Analytics" /></a></p>
					
					
					<script type="text/javascript">
					PDRTJS_settings_8345992 = {
					"id" : "8345992",
					"unique_id" : "\/docs\/concepts\/extend-kubernetes\/service-catalog\/",
					"title" : "Service Catalog",
					"permalink" : "https:\/\/kubernetes.io\/docs\/concepts\/extend-kubernetes\/service-catalog\/"
					};
					(function(d,c,j){if(!document.getElementById(j)){var pd=d.createElement(c),s;pd.id=j;pd.src=('https:'==document.location.protocol)?'https://polldaddy.com/js/rating/rating.js':'http://i0.poll.fm/js/rating/rating.js';s=document.getElementsByTagName(c)[0];s.parentNode.insertBefore(pd,s);}}(document,'script','pd-rating-js'));
					</script>
					<a href="../../service-catalog/index.html" onclick="window.open('https://github.com/kubernetes/website/issues/new?title=Issue%20with%20' +
					'k8s.io'+window.location.pathname)" class="button issue">Create an Issue</a>
					
					
					
					<a href="../../../editdocs#docs/concepts/extend-kubernetes/service-catalog.md" class="button issue">Edit this Page</a>
					
				</div>
			</div>
		</section>
		<footer>
    <main class="light-text">
        <nav>
            
            
            
            <a href="../../../home.1">Documentation</a>
            
            <a href="../../../../blog/index.html">Blog</a>
            
            <a href="../../../../partners/index.html">Partners</a>
            
            <a href="../../../../community/index.html">Community</a>
            
            <a href="../../../../case-studies/index.html">Case Studies</a>
            
        </nav>
        <div class="social">
            <div>
                <a href="https://twitter.com/kubernetesio" class="twitter"><span>twitter</span></a>
                <a href="https://github.com/kubernetes/kubernetes" class="github"><span>Github</span></a>
                <a href="http://slack.k8s.io/" class="slack"><span>Slack</span></a>
            </div>
            <div>
                <a href="http://stackoverflow.com/questions/tagged/kubernetes" class="stack-overflow"><span>Stack Overflow</span></a>
                <a href="https://discuss.kubernetes.io" class="mailing-list"><span>Forum</span></a>
                <a href="https://calendar.google.com/calendar/embed?src=nt2tcnbtbied3l6gi2h29slvc0%40group.calendar.google.com" class="calendar"><span>Events Calendar</span></a>
            </div>
            <div>
                <a href="../../../getting-started-guides/index.html" class="button">Get Kubernetes</a>
                <a href="https://git.k8s.io/community/contributors/guide" class="button">Contribute</a>
            </div>
        </div>
        <div id="miceType" class="center">
            &copy; 2018 The Kubernetes Authors | Documentation Distributed under <a href="https://git.k8s.io/website/LICENSE" class="light-text">CC BY 4.0</a>
        </div>
        <div id="miceType" class="center">
            Copyright &copy; 2018 The Linux Foundation&reg;. All rights reserved. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our <a href="https://www.linuxfoundation.org/trademark-usage" class="light-text">Trademark Usage page</a>
        </div>
    </main>
</footer>

		<button class="flyout-button" onclick="kub.toggleToc()"></button>

<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
    (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-36037335-10', 'auto');
ga('send', 'pageview');


(function () {
    window.addEventListener('DOMContentLoaded', init)

        
        function init() {
            window.removeEventListener('DOMContentLoaded', init)
                hideNav()
        }

    function hideNav(toc){
        if (!toc) toc = document.querySelector('#docsToc')
        if (!toc) return
            var container = toc.querySelector('.container')

                
                if (container) {
                    if (container.childElementCount === 0 || toc.querySelectorAll('a.item').length === 1) {
                        toc.style.display = 'none'
                            document.getElementById('docsContent').style.width = '100%'
                    }
                } else {
                    requestAnimationFrame(function () {
                        hideNav(toc)
                    })
                }
    }
})();
</script>



	</body>
</html>